Doubt about Nat0

Answered Question
Jul 1st, 2008

Hi,

I am receiving following message in my syslog server related to PIX 525 IOS version 7.2

PIX-3-305005: No translation group found for udp src outside:10.3.210.155/57156 dst inside:svhm-dc1/53

The traffic 10.3.210.155 is outside the PIX interface and svhm-dc1 is behind the inside interface. I have nat0 rule for inside the subnet (svhm-dc1) so that it will send the traffic as it is without natting. But as per syslog description I need to do nat0 on 10.3.210.155 which is outside the pix interface. I would like to know how solve this configuration error issue.

Cheers,

siva

Correct Answer by javedtahir about 8 years 7 months ago

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
purohit_810 Tue, 07/01/2008 - 17:59

Have you an access-list accordingly?

Can you give me your configuration?

It should be like this....Ex

static (inside,outside) udp interface 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any interface outside eq 137

access-group outside2inside in interface outside

OR

static (inside,outside) udp PUBLICIP 137 INTERNALIPADDRESS 137 netmask 255.255.255.255

access-list outside2inside permit udp any host PUBLICIP eq 137

access-group outside2inside in interface outside

Thanks,

Dharmesh Putohiy

sivakumar.ks Tue, 07/01/2008 - 20:48

Hi Dharmesh,

My config is 1400 lines. So I can't send that. But here I have pasted the access-group which has corresponding access list.

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

nat (inside) 0 access-list inside_nat0_acl

host svhm-dc1 is sitting behind PIX inside interface and host 10.3.210.155 is sitting outside the PIX interface and I am using NAT0 for inside interface to communication with 10.3.210.155.

Let me know whether this information is enough or not.

Cheers,

siva

Correct Answer
javedtahir Wed, 07/02/2008 - 03:24

you only need to define a static to allow traffic from outside to access the server placed behind inside. like

static(inside,outside) svhm-dc1 svhm-dc1 netmask 255.255.255.255

it will resovle the issue 100%.

Actions

This Discussion